MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 af9eb9e3503b1611d4c16861d860597c2e816e1971b4b6332d7ba202ea9b2594. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: af9eb9e3503b1611d4c16861d860597c2e816e1971b4b6332d7ba202ea9b2594
SHA3-384 hash: 958add527f2303ca8c686f614e904db5299d87d2ef041213a40f0ee689cabb4f4e6d8a169a28c88a7bd1a162ed0dd992
SHA1 hash: 8e2f3b1f568525a58e5b0a7ae8d01653f50aa064
MD5 hash: a70bed78d51badf6bd44b225b3ae0dec
humanhash: april-maine-neptune-early
File name: a70bed78d51badf6bd44b225b3ae0dec
File size: 192'513 bytes
First seen: 2020-11-17 14:03:37 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash b71ae52e8715ee7bfaa0c9df227db54a
ssdeep 3072:7zELTdagO0pzvnCCesf/4iojifsozcI1bPxYQgo4xvZU:7wLTdagLpbnCCZfgtjihv1VYQg7U
Threatray 41 similar samples on MalwareBazaar
TLSH 5014CE4476110C1ECFBD37365A7F04ECE6ECC9987B30B15817B9A6C71A2B2DCA8562B1
Reporter seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 53
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Replacing executable files
Creating a window
Moving of the original file
Deleting of the original file
Threat name: Win32.Trojan.Glupteba
Status: Malicious
First seen: 2020-11-08 09:59:00 UTC
AV detection: 26 of 29 (89.66%)
Threat level: 5/5
Result
Malware family: n/a
Score: 9/10
Tags: n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: RenamesItself
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Deletes itself
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
